[ISN] AOL you got Weak Security

From: mea culpa (jerichot_private)
Date: Sat Oct 17 1998 - 15:41:27 PDT


    Forwarded From: phreakmoi <hackerelitet_private>
    AOL: 'You've Got Weak Security!'
    by Michael Stutz
    3:50 p.m.  16.Oct.98.PDT
    America Online's 13 million subscribers were unable to receive email or
    request AOL Web pages Friday morning after a prankster redirected the
    service's domain name address to a small company in Ann Arbor, Michigan. 
    "We identified the problem and we've fixed the routing problem," said AOL
    spokeswoman Ann Brackbill. "Most of it is getting through now -- but there
    may be still some delays because once you correct the address again, it
    takes time to propagate itself through the Internet." 
    Brackbill said that AOL's address was "inadvertently" changed in the main
    domain name server that routes mail from the Internet to AOL (AOL).  This
    was the result of a forged "modify domain" form that was emailed yesterday
    to Network Solutions, stewards of the Internet's Network Information
    Center and root servers. The form is normally used by network
    administrators to inform Network Solutions (NSOL) of updates made to
    servers, or mailing address, or contact information associated with their
    domain name. 
    Last night, somebody emailed Network Solutions a forged template that was
    made to appear as if it came from AOL. The form instructed Network
    Solutions to change the domain record in their "root servers" from aol.com
    to Autonet.  The changes were made Friday at 4:30 a.m. EST and reflected
    in Network Solutions root servers, which in turn sent the new address out
    to other domain-name servers across the Internet. 
    It took several hours to fix. Meanwhile, all email and all attempts to access
    aol.com were bounced to autonet.net. By Friday afternoon, the situation
    was under control, a Network Solutions spokesman said. 
    Normally, update forms must be approved by an official from the affected
    domain. AOL could also have opted for a secure, digitally signed version
    of the form to prevent mischief. 
    "There are three levels of security, and AOL chose the default option,"
    said AOL spokesman Christopher Clough. 
    In the meantime, network administrators for AOL and Autonet produced a
    workaround hack where the Autonet name servers were temporarily designated
    the "authoritative servers" for AOL. The admins set the machine to
    redirect all requests back to the proper servers at AOL. 
    Other network administrators around the Net pitched in to help, making
    temporary changes to their local networks so that their users could still
    access AOL. 
    "We caught it here at work when customers began complaining that AOL was
    unreachable and email was bouncing," said Jeff McAdams, network
    administrator for IgLou Internet Services in Louisville, Kentucky.  So did
    Bryan Blank, a senior systems analyst for Discovernet. 
    "I set up my nameservers to tell my customers' computers and nameservers
    that we are authoritative for aol.com, and included as much data as I could
    from the aol.com zone in my nameservers. 
    "This is just an interim solution to keep mail and Web traffic flowing
    between my network and AOL's," Blank said. 
    Brackbill said that while some action may be taken against the
    perpetrator, the origin of the forged email has not been identified. 
    "All we wanted to do was fix it really quickly -- that's really been all
    we've been concentrating on." 